From 44df1d792339f7874f22cf825f66d1e9bdfa6ea3 Mon Sep 17 00:00:00 2001 From: TheSpad Date: Sun, 9 Oct 2022 19:03:12 +0100 Subject: [PATCH 1/8] Initial commit --- .github/CONTRIBUTING.md | 4 +- .github/PULL_REQUEST_TEMPLATE.md | 2 +- .github/workflows/external_trigger.yml | 22 +-- .github/workflows/greetings.yml | 4 +- .github/workflows/package_trigger.yml | 14 +- Dockerfile | 91 +++++------ Dockerfile.aarch64 | 91 +++++------ Dockerfile.armhf | 91 +++++------ Jenkinsfile | 96 +++++------ README.md | 25 ++- jenkins-vars.yml | 6 +- readme-vars.yml | 6 +- root/defaults/Corefile | 1 + .../s6-rc.d/init-wireguard-module/run | 152 +----------------- root/etc/s6-overlay/s6-rc.d/svc-coredns/run | 19 ++- 15 files changed, 228 insertions(+), 396 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index d5ae6896..329a9cb0 100755 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -24,7 +24,7 @@ ## Readme If you would like to change our readme, please __**do not**__ directly edit the readme, as it is auto-generated on each commit. -Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-wireguard/edit/master/readme-vars.yml). +Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-wireguard/edit/alpine/readme-vars.yml). These variables are used in a template for our [Jenkins Builder](https://github.com/linuxserver/docker-jenkins-builder) as part of an ansible play. Most of these variables are also carried over to [docs.linuxserver.io](https://docs.linuxserver.io/images/docker-wireguard) @@ -115,7 +115,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Update the changelog -If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-wireguard/tree/master/root), add an entry to the changelog +If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-wireguard/tree/alpine/root), add an entry to the changelog ```yml changelogs: diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index ce5860d1..586810a4 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -21,7 +21,7 @@ ------------------------------ - - [ ] I have read the [contributing](https://github.com/linuxserver/docker-wireguard/blob/master/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications + - [ ] I have read the [contributing](https://github.com/linuxserver/docker-wireguard/blob/alpine/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications ------------------------------ diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index 38684f84..dab44453 100755 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -4,24 +4,24 @@ on: workflow_dispatch: jobs: - external-trigger-master: + external-trigger-alpine: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.3.3 - name: External Trigger - if: github.ref == 'refs/heads/master' + if: github.ref == 'refs/heads/alpine' run: | - if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER }}" ]; then - echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER is set; skipping trigger. ****" + if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_WIREGUARD_ALPINE }}" ]; then + echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_WIREGUARD_ALPINE is set; skipping trigger. ****" exit 0 fi - echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\". ****" + echo "**** External trigger running off of alpine branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_WIREGUARD_ALPINE\". ****" echo "**** Retrieving external version ****" EXT_RELEASE=$(curl -u ${{ secrets.CR_USER }}:${{ secrets.CR_PAT }} -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name) if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then echo "**** Can't retrieve external version, exiting ****" - FAILURE_REASON="Can't retrieve external version for wireguard branch master" + FAILURE_REASON="Can't retrieve external version for wireguard branch alpine" GHA_TRIGGER_URL="https://github.com/linuxserver/docker-wireguard/actions/runs/${{ github.run_id }}" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n**Trigger URL:** '"${GHA_TRIGGER_URL}"' \n"}], @@ -32,7 +32,7 @@ jobs: echo "**** External version: ${EXT_RELEASE} ****" echo "**** Retrieving last pushed version ****" image="linuxserver/wireguard" - tag="latest" + tag="alpine" token=$(curl -sX GET \ "https://ghcr.io/token?scope=repository%3Alinuxserver%2Fwireguard%3Apull" \ | jq -r '.token') @@ -54,7 +54,7 @@ jobs: IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}') if [ -z "${IMAGE_VERSION}" ]; then echo "**** Can't retrieve last pushed version, exiting ****" - FAILURE_REASON="Can't retrieve last pushed version for wireguard tag latest" + FAILURE_REASON="Can't retrieve last pushed version for wireguard tag alpine" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680, "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}], "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} @@ -64,13 +64,13 @@ jobs: if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then echo "**** Version ${EXT_RELEASE} already pushed, exiting ****" exit 0 - elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then + elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/alpine/lastBuild/api/json | jq -r '.building') == "true" ]; then echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****" exit 0 else echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****" response=$(curl -iX POST \ - https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/buildWithParameters?PACKAGE_CHECK=false \ + https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/alpine/buildWithParameters?PACKAGE_CHECK=false \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") echo "**** Jenkins job queue url: ${response%$'\r'} ****" echo "**** Sleeping 10 seconds until job starts ****" @@ -85,7 +85,7 @@ jobs: --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ --data-urlencode "Submit=Submit" echo "**** Notifying Discord ****" - TRIGGER_REASON="A version change was detected for wireguard tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}" + TRIGGER_REASON="A version change was detected for wireguard tag alpine. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}" curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index d10ccf2f..941dc886 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -8,6 +8,6 @@ jobs: steps: - uses: actions/first-interaction@v1 with: - issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-wireguard/blob/master/.github/ISSUE_TEMPLATE/issue.bug.md) or [feature](https://github.com/linuxserver/docker-wireguard/blob/master/.github/ISSUE_TEMPLATE/issue.feature.md) issue templates!' - pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-wireguard/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!' + issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-wireguard/blob/alpine/.github/ISSUE_TEMPLATE/issue.bug.md) or [feature](https://github.com/linuxserver/docker-wireguard/blob/alpine/.github/ISSUE_TEMPLATE/issue.feature.md) issue templates!' + pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-wireguard/blob/alpine/.github/PULL_REQUEST_TEMPLATE.md)!' repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml index 8c10ea54..192c361e 100755 --- a/.github/workflows/package_trigger.yml +++ b/.github/workflows/package_trigger.yml @@ -4,25 +4,25 @@ on: workflow_dispatch: jobs: - package-trigger-master: + package-trigger-alpine: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.3.3 - name: Package Trigger - if: github.ref == 'refs/heads/master' + if: github.ref == 'refs/heads/alpine' run: | - if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER }}" ]; then - echo "**** Github secret PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER is set; skipping trigger. ****" + if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_WIREGUARD_ALPINE }}" ]; then + echo "**** Github secret PAUSE_PACKAGE_TRIGGER_WIREGUARD_ALPINE is set; skipping trigger. ****" exit 0 fi - if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then + if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/alpine/lastBuild/api/json | jq -r '.building') == "true" ]; then echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****" exit 0 fi - echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER\". ****" + echo "**** Package trigger running off of alpine branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_WIREGUARD_ALPINE\". ****" response=$(curl -iX POST \ - https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/buildWithParameters?PACKAGE_CHECK=true \ + https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/alpine/buildWithParameters?PACKAGE_CHECK=true \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") echo "**** Jenkins job queue url: ${response%$'\r'} ****" echo "**** Sleeping 10 seconds until job starts ****" diff --git a/Dockerfile b/Dockerfile index dca46d7e..90e62202 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,63 +1,50 @@ -FROM ghcr.io/linuxserver/baseimage-ubuntu:jammy +FROM ghcr.io/linuxserver/baseimage-alpine:3.16 # set version label ARG BUILD_DATE ARG VERSION ARG WIREGUARD_RELEASE LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" -LABEL maintainer="aptalca" - -ENV DEBIAN_FRONTEND="noninteractive" +LABEL maintainer="thespad" RUN \ - echo "**** install dependencies ****" && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - bc \ - build-essential \ - curl \ - dkms \ - git \ - gnupg \ - ifupdown \ - iproute2 \ - iptables \ - iputils-ping \ - jq \ - libc6 \ - libelf-dev \ - net-tools \ - netcat \ - openresolv \ - perl \ - pkg-config \ - qrencode && \ - echo "**** install wireguard-tools ****" && \ - if [ -z ${WIREGUARD_RELEASE+x} ]; then \ - WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ - | jq -r .[0].name); \ - fi && \ - cd /app && \ - git clone https://git.zx2c4.com/wireguard-linux-compat && \ - git clone https://git.zx2c4.com/wireguard-tools && \ - cd wireguard-tools && \ - git checkout "${WIREGUARD_RELEASE}" && \ - make -C src -j$(nproc) && \ - make -C src install && \ - echo "**** install CoreDNS ****" && \ - COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ - curl -o \ - /tmp/coredns.tar.gz -L \ - "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \ - tar xf \ - /tmp/coredns.tar.gz -C \ - /app && \ - echo "**** clean up ****" && \ - rm -rf \ - /tmp/* \ - /var/lib/apt/lists/* \ - /var/tmp/* + echo "**** install dependencies ****" && \ + apk add --no-cache --virtual=build-dependencies \ + bc \ + build-base \ + coredns \ + elfutils-dev \ + gcc \ + git \ + linux-headers && \ + apk add --no-cache \ + bc \ + coredns \ + gnupg \ + iproute2 \ + iptables \ + iputils \ + libqrencode \ + net-tools \ + openresolv \ + perl && \ + echo "wireguard" >> /etc/modules && \ + echo "**** install wireguard-tools ****" && \ + if [ -z ${WIREGUARD_RELEASE+x} ]; then \ + WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ + | jq -r .[0].name); \ + fi && \ + cd /app && \ + git clone https://git.zx2c4.com/wireguard-linux-compat && \ + git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + git checkout "${WIREGUARD_RELEASE}" && \ + make -C src -j$(nproc) && \ + make -C src install && \ + echo "**** clean up ****" && \ + apk del --no-network build-dependencies && \ + rm -rf \ + /tmp/* # add local files COPY /root / diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 717455f1..8a2f0421 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,63 +1,50 @@ -FROM ghcr.io/linuxserver/baseimage-ubuntu:arm64v8-jammy +FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.16 # set version label ARG BUILD_DATE ARG VERSION ARG WIREGUARD_RELEASE LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" -LABEL maintainer="aptalca" - -ENV DEBIAN_FRONTEND="noninteractive" +LABEL maintainer="thespad" RUN \ - echo "**** install dependencies ****" && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - bc \ - build-essential \ - curl \ - dkms \ - git \ - gnupg \ - ifupdown \ - iproute2 \ - iptables \ - iputils-ping \ - jq \ - libc6 \ - libelf-dev \ - net-tools \ - netcat \ - openresolv \ - perl \ - pkg-config \ - qrencode && \ - echo "**** install wireguard-tools ****" && \ - if [ -z ${WIREGUARD_RELEASE+x} ]; then \ - WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ - | jq -r .[0].name); \ - fi && \ - cd /app && \ - git clone https://git.zx2c4.com/wireguard-linux-compat && \ - git clone https://git.zx2c4.com/wireguard-tools && \ - cd wireguard-tools && \ - git checkout "${WIREGUARD_RELEASE}" && \ - make -C src -j$(nproc) && \ - make -C src install && \ - echo "**** install CoreDNS ****" && \ - COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ - curl -o \ - /tmp/coredns.tar.gz -L \ - "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm64.tgz" && \ - tar xf \ - /tmp/coredns.tar.gz -C \ - /app && \ - echo "**** clean up ****" && \ - rm -rf \ - /tmp/* \ - /var/lib/apt/lists/* \ - /var/tmp/* + echo "**** install dependencies ****" && \ + apk add --no-cache --virtual=build-dependencies \ + bc \ + build-base \ + coredns \ + elfutils-dev \ + gcc \ + git \ + linux-headers && \ + apk add --no-cache \ + bc \ + coredns \ + gnupg \ + iproute2 \ + iptables \ + iputils \ + libqrencode \ + net-tools \ + openresolv \ + perl && \ + echo "wireguard" >> /etc/modules && \ + echo "**** install wireguard-tools ****" && \ + if [ -z ${WIREGUARD_RELEASE+x} ]; then \ + WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ + | jq -r .[0].name); \ + fi && \ + cd /app && \ + git clone https://git.zx2c4.com/wireguard-linux-compat && \ + git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + git checkout "${WIREGUARD_RELEASE}" && \ + make -C src -j$(nproc) && \ + make -C src install && \ + echo "**** clean up ****" && \ + apk del --no-network build-dependencies && \ + rm -rf \ + /tmp/* # add local files COPY /root / diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 783f66c4..1a8a835b 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,63 +1,50 @@ -FROM ghcr.io/linuxserver/baseimage-ubuntu:arm32v7-jammy +FROM ghcr.io/linuxserver/baseimage-alpine:arm32v7-3.16 # set version label ARG BUILD_DATE ARG VERSION ARG WIREGUARD_RELEASE LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" -LABEL maintainer="aptalca" - -ENV DEBIAN_FRONTEND="noninteractive" +LABEL maintainer="thespad" RUN \ - echo "**** install dependencies ****" && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - bc \ - build-essential \ - curl \ - dkms \ - git \ - gnupg \ - ifupdown \ - iproute2 \ - iptables \ - iputils-ping \ - jq \ - libc6 \ - libelf-dev \ - net-tools \ - netcat \ - openresolv \ - perl \ - pkg-config \ - qrencode && \ - echo "**** install wireguard-tools ****" && \ - if [ -z ${WIREGUARD_RELEASE+x} ]; then \ - WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ - | jq -r .[0].name); \ - fi && \ - cd /app && \ - git clone https://git.zx2c4.com/wireguard-linux-compat && \ - git clone https://git.zx2c4.com/wireguard-tools && \ - cd wireguard-tools && \ - git checkout "${WIREGUARD_RELEASE}" && \ - make -C src -j$(nproc) && \ - make -C src install && \ - echo "**** install CoreDNS ****" && \ - COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ - curl -o \ - /tmp/coredns.tar.gz -L \ - "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \ - tar xf \ - /tmp/coredns.tar.gz -C \ - /app && \ - echo "**** clean up ****" && \ - rm -rf \ - /tmp/* \ - /var/lib/apt/lists/* \ - /var/tmp/* + echo "**** install dependencies ****" && \ + apk add --no-cache --virtual=build-dependencies \ + bc \ + build-base \ + coredns \ + elfutils-dev \ + gcc \ + git \ + linux-headers && \ + apk add --no-cache \ + bc \ + coredns \ + gnupg \ + iproute2 \ + iptables \ + iputils \ + libqrencode \ + net-tools \ + openresolv \ + perl && \ + echo "wireguard" >> /etc/modules && \ + echo "**** install wireguard-tools ****" && \ + if [ -z ${WIREGUARD_RELEASE+x} ]; then \ + WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ + | jq -r .[0].name); \ + fi && \ + cd /app && \ + git clone https://git.zx2c4.com/wireguard-linux-compat && \ + git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + git checkout "${WIREGUARD_RELEASE}" && \ + make -C src -j$(nproc) && \ + make -C src install && \ + echo "**** clean up ****" && \ + apk del --no-network build-dependencies && \ + rm -rf \ + /tmp/* # add local files COPY /root / diff --git a/Jenkinsfile b/Jenkinsfile index f1203702..11609521 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -24,7 +24,7 @@ pipeline { DOCKERHUB_IMAGE = 'linuxserver/wireguard' DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard' PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard' - DIST_IMAGE = 'ubuntu' + DIST_IMAGE = 'alpine' MULTIARCH='true' CI='false' CI_WEB='false' @@ -42,7 +42,7 @@ pipeline { script{ env.EXIT_STATUS = '' env.LS_RELEASE = sh( - script: '''docker run --rm ghcr.io/linuxserver/alexeiled-skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':latest 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', + script: '''docker run --rm ghcr.io/linuxserver/alexeiled-skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':alpine 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', returnStdout: true).trim() env.LS_RELEASE_NOTES = sh( script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''', @@ -144,10 +144,10 @@ pipeline { } } } - // If this is a master build use live docker endpoints + // If this is a alpine build use live docker endpoints stage("Set ENV live build"){ when { - branch "master" + branch "alpine" environment name: 'CHANGE_ID', value: '' } steps { @@ -157,20 +157,20 @@ pipeline { env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/' + env.CONTAINER_NAME env.QUAYIMAGE = 'quay.io/linuxserver.io/' + env.CONTAINER_NAME if (env.MULTIARCH == 'true') { - env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + env.CI_TAGS = 'amd64-alpine-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm32v7-alpine-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-alpine-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER } else { - env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + env.CI_TAGS = 'alpine-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER } env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER - env.META_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER - env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN + env.META_TAG = 'alpine-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + env.EXT_RELEASE_TAG = 'alpine-version-' + env.EXT_RELEASE_CLEAN } } } // If this is a dev build use dev docker endpoints stage("Set ENV dev build"){ when { - not {branch "master"} + not {branch "alpine"} environment name: 'CHANGE_ID', value: '' } steps { @@ -180,13 +180,13 @@ pipeline { env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lsiodev-' + env.CONTAINER_NAME env.QUAYIMAGE = 'quay.io/linuxserver.io/lsiodev-' + env.CONTAINER_NAME if (env.MULTIARCH == 'true') { - env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + env.CI_TAGS = 'amd64-alpine-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm32v7-alpine-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-alpine-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA } else { - env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + env.CI_TAGS = 'alpine-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA } env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA - env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA - env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN + env.META_TAG = 'alpine-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + env.EXT_RELEASE_TAG = 'alpine-version-' + env.EXT_RELEASE_CLEAN env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DEV_DOCKERHUB_IMAGE + '/tags/' } } @@ -203,13 +203,13 @@ pipeline { env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lspipepr-' + env.CONTAINER_NAME env.QUAYIMAGE = 'quay.io/linuxserver.io/lspipepr-' + env.CONTAINER_NAME if (env.MULTIARCH == 'true') { - env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + env.CI_TAGS = 'amd64-alpine-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm32v7-alpine-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm64v8-alpine-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST } else { - env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + env.CI_TAGS = 'alpine-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST } env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST - env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST - env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN + env.META_TAG = 'alpine-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + env.EXT_RELEASE_TAG = 'alpine-version-' + env.EXT_RELEASE_CLEAN env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/' } @@ -247,7 +247,7 @@ pipeline { // Use helper containers to render templated files stage('Update-Templates') { when { - branch "master" + branch "alpine" environment name: 'CHANGE_ID', value: '' expression { env.CONTAINER_NAME != null @@ -258,13 +258,13 @@ pipeline { set -e TEMPDIR=$(mktemp -d) docker pull ghcr.io/linuxserver/jenkins-builder:latest - docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=master -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest + docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=alpine -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest # Stage 1 - Jenkinsfile update if [[ "$(md5sum Jenkinsfile | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile | awk '{ print $1 }')" ]]; then mkdir -p ${TEMPDIR}/repo git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO} cd ${TEMPDIR}/repo/${LS_REPO} - git checkout -f master + git checkout -f alpine cp ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile ${TEMPDIR}/repo/${LS_REPO}/ git add Jenkinsfile git commit -m 'Bot Updating Templated Files' @@ -287,7 +287,7 @@ pipeline { mkdir -p ${TEMPDIR}/repo git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO} cd ${TEMPDIR}/repo/${LS_REPO} - git checkout -f master + git checkout -f alpine for i in ${TEMPLATES_TO_DELETE}; do git rm "${i}" done @@ -308,7 +308,7 @@ pipeline { mkdir -p ${TEMPDIR}/repo git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO} cd ${TEMPDIR}/repo/${LS_REPO} - git checkout -f master + git checkout -f alpine cd ${TEMPDIR}/docker-${CONTAINER_NAME} mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/workflows mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/ISSUE_TEMPLATE @@ -366,7 +366,7 @@ pipeline { // Exit the build if the Templated files were just updated stage('Template-exit') { when { - branch "master" + branch "alpine" environment name: 'CHANGE_ID', value: '' environment name: 'FILES_UPDATED', value: 'true' expression { @@ -405,7 +405,7 @@ pipeline { // Add package to Scarf.sh and set permissions stage("Scarf.sh package registry"){ when { - branch "master" + branch "alpine" environment name: 'EXIT_STATUS', value: '' } steps{ @@ -562,7 +562,7 @@ pipeline { // Take the image we just built and dump package versions for comparison stage('Update-packages') { when { - branch "master" + branch "alpine" environment name: 'CHANGE_ID', value: '' environment name: 'EXIT_STATUS', value: '' } @@ -599,7 +599,7 @@ pipeline { echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github" if [ "${NEW_PACKAGE_TAG}" != "${PACKAGE_TAG}" ]; then git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/${LS_REPO} - git --git-dir ${TEMPDIR}/${LS_REPO}/.git checkout -f master + git --git-dir ${TEMPDIR}/${LS_REPO}/.git checkout -f alpine cp ${TEMPDIR}/package_versions.txt ${TEMPDIR}/${LS_REPO}/ cd ${TEMPDIR}/${LS_REPO}/ wait @@ -623,7 +623,7 @@ pipeline { // Exit the build if the package file was just updated stage('PACKAGE-exit') { when { - branch "master" + branch "alpine" environment name: 'CHANGE_ID', value: '' environment name: 'PACKAGE_UPDATED', value: 'true' environment name: 'EXIT_STATUS', value: '' @@ -644,7 +644,7 @@ pipeline { // Exit the build if this is just a package check and there are no changes to push stage('PACKAGECHECK-exit') { when { - branch "master" + branch "alpine" environment name: 'CHANGE_ID', value: '' environment name: 'PACKAGE_UPDATED', value: 'false' environment name: 'EXIT_STATUS', value: '' @@ -747,12 +747,12 @@ pipeline { echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin for PUSHIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG} - docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:latest + docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:alpine docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${SEMVER} fi - docker push ${PUSHIMAGE}:latest + docker push ${PUSHIMAGE}:alpine docker push ${PUSHIMAGE}:${META_TAG} docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then @@ -766,7 +766,7 @@ pipeline { docker rmi \ ${DELETEIMAGE}:${META_TAG} \ ${DELETEIMAGE}:${EXT_RELEASE_TAG} \ - ${DELETEIMAGE}:latest || : + ${DELETEIMAGE}:alpine || : if [ -n "${SEMVER}" ]; then docker rmi ${DELETEIMAGE}:${SEMVER} || : fi @@ -813,9 +813,9 @@ pipeline { docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest - docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest - docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest + docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-alpine + docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-alpine + docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-alpine docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} @@ -827,9 +827,9 @@ pipeline { docker push ${MANIFESTIMAGE}:amd64-${META_TAG} docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG} docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker push ${MANIFESTIMAGE}:amd64-latest - docker push ${MANIFESTIMAGE}:arm32v7-latest - docker push ${MANIFESTIMAGE}:arm64v8-latest + docker push ${MANIFESTIMAGE}:amd64-alpine + docker push ${MANIFESTIMAGE}:arm32v7-alpine + docker push ${MANIFESTIMAGE}:arm64v8-alpine docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} @@ -838,10 +838,10 @@ pipeline { docker push ${MANIFESTIMAGE}:arm32v7-${SEMVER} docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER} fi - docker manifest push --purge ${MANIFESTIMAGE}:latest || : - docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:arm64v8-latest - docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm32v7-latest --os linux --arch arm - docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8 + docker manifest push --purge ${MANIFESTIMAGE}:alpine || : + docker manifest create ${MANIFESTIMAGE}:alpine ${MANIFESTIMAGE}:amd64-alpine ${MANIFESTIMAGE}:arm32v7-alpine ${MANIFESTIMAGE}:arm64v8-alpine + docker manifest annotate ${MANIFESTIMAGE}:alpine ${MANIFESTIMAGE}:arm32v7-alpine --os linux --arch arm + docker manifest annotate ${MANIFESTIMAGE}:alpine ${MANIFESTIMAGE}:arm64v8-alpine --os linux --arch arm64 --variant v8 docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || : docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} --os linux --arch arm @@ -856,7 +856,7 @@ pipeline { docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} --os linux --arch arm docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8 fi - docker manifest push --purge ${MANIFESTIMAGE}:latest + docker manifest push --purge ${MANIFESTIMAGE}:alpine docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} if [ -n "${SEMVER}" ]; then @@ -869,13 +869,13 @@ pipeline { for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do docker rmi \ ${DELETEIMAGE}:amd64-${META_TAG} \ - ${DELETEIMAGE}:amd64-latest \ + ${DELETEIMAGE}:amd64-alpine \ ${DELETEIMAGE}:amd64-${EXT_RELEASE_TAG} \ ${DELETEIMAGE}:arm32v7-${META_TAG} \ - ${DELETEIMAGE}:arm32v7-latest \ + ${DELETEIMAGE}:arm32v7-alpine \ ${DELETEIMAGE}:arm32v7-${EXT_RELEASE_TAG} \ ${DELETEIMAGE}:arm64v8-${META_TAG} \ - ${DELETEIMAGE}:arm64v8-latest \ + ${DELETEIMAGE}:arm64v8-alpine \ ${DELETEIMAGE}:arm64v8-${EXT_RELEASE_TAG} || : if [ -n "${SEMVER}" ]; then docker rmi \ @@ -894,7 +894,7 @@ pipeline { // If this is a public release tag it in the LS Github stage('Github-Tag-Push-Release') { when { - branch "master" + branch "alpine" expression { env.LS_RELEASE != env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER } @@ -906,14 +906,14 @@ pipeline { sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \ -d '{"tag":"'${META_TAG}'",\ "object": "'${COMMIT_SHA}'",\ - "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\ + "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to alpine",\ "type": "commit",\ "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' ''' echo "Pushing New release for Tag" sh '''#! /bin/bash echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json echo '{"tag_name":"'${META_TAG}'",\ - "target_commitish": "master",\ + "target_commitish": "alpine",\ "name": "'${META_TAG}'",\ "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start printf '","draft": false,"prerelease": false}' >> releasebody.json diff --git a/README.md b/README.md index 3eef17e4..f7719208 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ - + [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io) @@ -37,7 +37,7 @@ Find us at: [![Quay.io](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Quay.io)](https://quay.io/repository/linuxserver.io/wireguard) [![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/wireguard.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=pulls&logo=docker)](https://hub.docker.com/r/linuxserver/wireguard) [![Docker Stars](https://img.shields.io/docker/stars/linuxserver/wireguard.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=stars&logo=docker)](https://hub.docker.com/r/linuxserver/wireguard) -[![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-wireguard%2Fjob%2Fmaster%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/) +[![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-wireguard%2Fjob%2Falpine%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/alpine/) [WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry. @@ -47,7 +47,7 @@ Find us at: We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/). -Simply pulling `lscr.io/linuxserver/wireguard:latest` should retrieve the correct image for your arch, but you can also pull specific arch images via tags. +Simply pulling `lscr.io/linuxserver/wireguard:alpine` should retrieve the correct image for your arch, but you can also pull specific arch images via tags. The architectures supported by this image are: @@ -57,6 +57,15 @@ The architectures supported by this image are: | arm64 | ✅ | arm64v8-\ | | armhf| ✅ | arm32v7-\ | +## Version Tags + +This image provides various versions that are available via tags. Please read the descriptions carefully and exercise caution when using unstable or development tags. + +| Tag | Available | Description | +| :----: | :----: |--- | +| latest | ✅ | Stable releases with support for compiling Wireguard modules | +| alpine | ✅ | Stable releases based on Alpine *without* support for compiling Wireguard modules | + ## Application Setup During container start, it will first check if the wireguard module is already installed and loaded. Kernels newer than 5.6 generally have the wireguard module built-in (along with some older custom kernels). However, the module may not be enabled. Make sure it is enabled prior to starting the container. @@ -132,7 +141,7 @@ Here are some example snippets to help you get started creating a container. version: "2.1" services: wireguard: - image: lscr.io/linuxserver/wireguard:latest + image: lscr.io/linuxserver/wireguard:alpine container_name: wireguard cap_add: - NET_ADMIN @@ -180,7 +189,7 @@ docker run -d \ -v /lib/modules:/lib/modules \ --sysctl="net.ipv4.conf.all.src_valid_mark=1" \ --restart unless-stopped \ - lscr.io/linuxserver/wireguard:latest + lscr.io/linuxserver/wireguard:alpine ``` ## Parameters @@ -251,7 +260,7 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to * container version number * `docker inspect -f '{{ index .Config.Labels "build_version" }}' wireguard` * image version number - * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/wireguard:latest` + * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/wireguard:alpine` ## Updating Info @@ -269,7 +278,7 @@ Below are the instructions for updating containers: ### Via Docker Run -* Update the image: `docker pull lscr.io/linuxserver/wireguard:latest` +* Update the image: `docker pull lscr.io/linuxserver/wireguard:alpine` * Stop the running container: `docker stop wireguard` * Delete the container: `docker rm wireguard` * Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved) @@ -304,7 +313,7 @@ cd docker-wireguard docker build \ --no-cache \ --pull \ - -t lscr.io/linuxserver/wireguard:latest . + -t lscr.io/linuxserver/wireguard:alpine . ``` The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static` diff --git a/jenkins-vars.yml b/jenkins-vars.yml index 1b241b7f..104b1b98 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -5,8 +5,8 @@ project_name: docker-wireguard external_type: na custom_version_command: "curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name" release_type: stable -release_tag: latest -ls_branch: master +release_tag: alpine +ls_branch: alpine repo_vars: - CONTAINER_NAME = 'wireguard' - BUILD_VERSION_ARG = 'WIREGUARD_VERSION' @@ -15,7 +15,7 @@ repo_vars: - DOCKERHUB_IMAGE = 'linuxserver/wireguard' - DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard' - PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard' - - DIST_IMAGE = 'ubuntu' + - DIST_IMAGE = 'alpine' - MULTIARCH='true' - CI='false' - CI_WEB='false' diff --git a/readme-vars.yml b/readme-vars.yml index 195997db..40720721 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -14,10 +14,10 @@ available_architectures: - { arch: "{{ arch_armhf }}", tag: "arm32v7-latest"} # development version -development_versions: false +development_versions: true development_versions_items: - - { tag: "latest", desc: "Stable releases" } - - { tag: "development", desc: "Prereleases from their GitHub" } + - { tag: "latest", desc: "Stable releases with support for compiling Wireguard modules" } + - { tag: "alpine", desc: "Stable releases based on Alpine *without* support for compiling Wireguard modules" } # container parameters common_param_env_vars_enabled: true diff --git a/root/defaults/Corefile b/root/defaults/Corefile index c8e2152f..ded974e1 100644 --- a/root/defaults/Corefile +++ b/root/defaults/Corefile @@ -1,4 +1,5 @@ . { loop + health forward . /etc/resolv.conf } \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run index 2e4d4355..0ae42e0c 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run +++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run @@ -6,155 +6,9 @@ echo "Uname info: $(uname -a)" # check for wireguard module ip link del dev test 2>/dev/null if ip link add dev test type wireguard; then - echo "**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****" - SKIP_COMPILE="true" - ip link del dev test + echo "**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****" + ip link del dev test else - echo "**** The wireguard module is not active, will attempt kernel header install and module compilation. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe! ****" -fi - -# install headers if necessary -if [ "$SKIP_COMPILE" != "true" ] && [ ! -e /lib/modules/$(uname -r)/build ]; then - echo "**** Attempting kernel header install ****" - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) - elif (uname -r | grep -q 'v7+') || (uname -r | grep -q 'v7l+') || (uname -r | grep -q 'v8+'); then - echo "**** Raspbian kernel naming convention detected, attempting to install raspbian kernel headers ****" - curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - - echo -e \ - "deb http://archive.raspberrypi.org/debian/ buster main\ndeb-src http://archive.raspberrypi.org/debian/ buster main" \ - > /etc/apt/sources.list.d/raspbian.list - apt-get update - apt-get install -y \ - raspberrypi-kernel-headers - elif uname -v | grep -q 'Ubuntu'; then - echo "**** Ubuntu kernel detected, but likely not Jammy. ****" - echo "**** Attempting to install kernel headers from Ubuntu Focal repo ****" - if uname -m | grep -q 'x86_64'; then - echo -e \ - "deb http://archive.ubuntu.com/ubuntu/ focal main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ focal main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted" \ - > /etc/apt/sources.list.d/xenial-bionic-focal.list - else - echo -e \ - "deb http://ports.ubuntu.com/ubuntu-ports/ focal main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ focal main restricted\n\ndeb http://ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted" \ - > /etc/apt/sources.list.d/xenial-bionic-focal.list - fi - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) - else - echo "**** No kernel headers found in the Ubuntu Focal repo!! Trying Ubuntu Bionic. ****" - sed -i 's/focal/bionic/g' /etc/apt/sources.list.d/xenial-bionic-focal.list - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) - else - echo "**** No kernel headers found in the Ubuntu Bionic repo!! Trying Ubuntu Xenial. ****" - sed -i 's/bionic/xenial/g' /etc/apt/sources.list.d/xenial-bionic-focal.list - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) - else - echo "**** No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work ****" - rm -rf /etc/apt/sources.list.d/xenial-bionic-focal.list - fi - fi - fi - elif uname -v | grep -q 'Debian'; then - echo "**** Debian host detected, attempting to install kernel headers from Debian Buster repo ****" - curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add - - curl -s https://ftp-master.debian.org/keys/archive-key-10-security.asc | apt-key add - - cat < /etc/apt/sources.list.d/debian.list -deb http://deb.debian.org/debian buster main contrib non-free -deb-src http://deb.debian.org/debian buster main contrib non-free -deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free -deb-src http://deb.debian.org/debian-security/ buster/updates main contrib non-free -deb http://deb.debian.org/debian buster-updates main contrib non-free -deb-src http://deb.debian.org/debian buster-updates main contrib non-free -deb http://deb.debian.org/debian buster-backports main contrib non-free -deb-src http://deb.debian.org/debian buster-backports main contrib non-free -DUDE - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - if uname -r | grep -qs "bpo"; then - echo "**** Backported kernel detected ****" - apt-get install -y -t buster-backports \ - linux-headers-$(uname -r) - else - apt-get install -y \ - linux-headers-$(uname -r) - fi - else - echo "**** Attempting to install kernel headers from the Debian Stretch repo ****" - curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add - - curl -s https://ftp-master.debian.org/keys/archive-key-9-security.asc | apt-key add - - sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - if uname -r | grep -qs "bpo"; then - echo "**** Backported kernel detected ****" - apt-get install -y -t stretch-backports \ - linux-headers-$(uname -r) - else - apt-get install -y \ - linux-headers-$(uname -r) - fi - else - echo "**** No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work ****" - rm -rf /etc/apt/sources.list.d/debian.list - fi - fi - else - echo "**** No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work ****" - fi -fi - -if [ "$SKIP_COMPILE" != "true" ]; then - if [ -e /lib/modules/$(uname -r)/build ]; then - echo "**** Kernel headers seem to be present, attempting to build the wireguard module. . . ****" - if [ ! -f /lib/modules/$(uname -r)/build/certs/signing_key.pem ]; then - mkdir -p /lib/modules/$(uname -r)/build/certs - cd /lib/modules/$(uname -r)/build/certs - cat <> x509.genkey -[ req ] -default_bits = 4096 -distinguished_name = req_distinguished_name -prompt = no -string_mask = utf8only -x509_extensions = myexts - -[ req_distinguished_name ] -CN = Modules - -[ myexts ] -basicConstraints=critical,CA:FALSE -keyUsage=digitalSignature -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid -DUDE - echo "**** Generating signing key ****" - openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.pem - fi - cd /app - echo "**** Building the module ****" - make -C wireguard-linux-compat/src -j$(nproc) - make -C wireguard-linux-compat/src install - echo "**** Let's test our new module. ****" - ip link del dev test 2>/dev/null - if ip link add dev test type wireguard; then - echo "**** The module is active, moving forward with setup. ****" - ip link del dev test - else - echo "**** The module is not active, review the logs. Sleeping now. . . ****" - sleep infinity - fi - else - echo "**** Kernel headers don't seem to be available in Ubuntu, Debian and Raspbian repos, or shared from the host; therefore can't compile the module. Sleeping now. . . ****" + echo "**** The wireguard module is not active. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe! ****" sleep infinity - fi fi diff --git a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run index 4206c532..23c02825 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run @@ -1,11 +1,18 @@ #!/usr/bin/with-contenv bash if netstat -apn | grep -q ":53 "; then - echo "Another service is using port 53, disabling CoreDNS" - sleep infinity + echo "Another service is using port 53, disabling CoreDNS" + sleep infinity else - exec \ - s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z -u 127.0.0.1 53" \ - cd /config/coredns \ - /app/coredns -dns.port=53 + if grep -q "health" /config/coredns/Corefile; then + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "redirfd -w 1 /dev/null curl -s http://localhost:8080/health" \ + cd /config/coredns \ + /usr/bin/coredns -dns.port=53 + else + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -zu localhost 53" \ + cd /config/coredns \ + /usr/bin/coredns -dns.port=53 + fi fi From e16de6fb5375c2a46a9360d21f172c18978e18ce Mon Sep 17 00:00:00 2001 From: TheSpad Date: Sun, 9 Oct 2022 21:56:31 +0100 Subject: [PATCH 2/8] Switch to oneshot for wg, add finish script --- root/etc/s6-overlay/s6-rc.d/svc-wireguard/down | 1 + root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish | 3 +++ root/etc/s6-overlay/s6-rc.d/svc-wireguard/run | 11 ----------- root/etc/s6-overlay/s6-rc.d/svc-wireguard/type | 2 +- root/etc/s6-overlay/s6-rc.d/svc-wireguard/up | 1 + 5 files changed, 6 insertions(+), 12 deletions(-) create mode 100644 root/etc/s6-overlay/s6-rc.d/svc-wireguard/down create mode 100755 root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish create mode 100644 root/etc/s6-overlay/s6-rc.d/svc-wireguard/up diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/down b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/down new file mode 100644 index 00000000..1bf02103 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/down @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/svc-wireguard/finish \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish new file mode 100755 index 00000000..3403cb90 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish @@ -0,0 +1,3 @@ +#!/usr/bin/with-contenv bash + +wg-quick down wg0 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run index 9ef15b46..8f4e38ae 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run @@ -1,14 +1,3 @@ #!/usr/bin/with-contenv bash -_term() { - echo "Caught SIGTERM signal!" - wg-quick down wg0 -} - -trap _term SIGTERM - wg-quick up wg0 - -sleep infinity & - -wait diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/type b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/type index 1780f9f4..3d92b15f 100644 --- a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/type +++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/type @@ -1 +1 @@ -longrun \ No newline at end of file +oneshot \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/up b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/up new file mode 100644 index 00000000..5689d7d7 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/svc-wireguard/run \ No newline at end of file From 1dff4bd905ed16488c6a53f7943784ed2fb8a895 Mon Sep 17 00:00:00 2001 From: TheSpad Date: Sun, 9 Oct 2022 22:59:15 +0100 Subject: [PATCH 3/8] Remove net.ipv4.conf.all.src_valid_mark check from wg-quick --- Dockerfile | 1 + Dockerfile.aarch64 | 1 + Dockerfile.armhf | 1 + 3 files changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 90e62202..d34603bb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,6 +41,7 @@ RUN \ git checkout "${WIREGUARD_RELEASE}" && \ make -C src -j$(nproc) && \ make -C src install && \ + sed -i '/\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1/d' /usr/bin/wg-quick && \ echo "**** clean up ****" && \ apk del --no-network build-dependencies && \ rm -rf \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 8a2f0421..99868de3 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -41,6 +41,7 @@ RUN \ git checkout "${WIREGUARD_RELEASE}" && \ make -C src -j$(nproc) && \ make -C src install && \ + sed -i '/\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1/d' /usr/bin/wg-quick && \ echo "**** clean up ****" && \ apk del --no-network build-dependencies && \ rm -rf \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 1a8a835b..1be1ba5c 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -41,6 +41,7 @@ RUN \ git checkout "${WIREGUARD_RELEASE}" && \ make -C src -j$(nproc) && \ make -C src install && \ + sed -i '/\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1/d' /usr/bin/wg-quick && \ echo "**** clean up ****" && \ apk del --no-network build-dependencies && \ rm -rf \ From ac4132c1954d436dcde184129b63ad0917ded02e Mon Sep 17 00:00:00 2001 From: TheSpad Date: Sun, 9 Oct 2022 22:59:26 +0100 Subject: [PATCH 4/8] Fix service deps and coredns disabling --- root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run | 2 +- root/etc/s6-overlay/s6-rc.d/svc-coredns/run | 4 ++++ .../dependencies.d/{svc-coredns => init-services} | 0 3 files changed, 5 insertions(+), 1 deletion(-) rename root/etc/s6-overlay/s6-rc.d/svc-wireguard/dependencies.d/{svc-coredns => init-services} (100%) diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run index 214fcec0..a5d392c4 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run +++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run @@ -163,7 +163,7 @@ else sleep infinity fi echo "**** Disabling CoreDNS ****" - rm -rf /etc/services.d/coredns + printf "false" > /run/s6/container_environment/USE_COREDNS fi # set up CoreDNS diff --git a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run index 23c02825..0097ece4 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run @@ -1,6 +1,10 @@ #!/usr/bin/with-contenv bash if netstat -apn | grep -q ":53 "; then + USE_COREDNS="false" +fi + +if [[ ${USE_COREDNS} == "false" ]]; then echo "Another service is using port 53, disabling CoreDNS" sleep infinity else diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/dependencies.d/svc-coredns b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/dependencies.d/init-services similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/svc-wireguard/dependencies.d/svc-coredns rename to root/etc/s6-overlay/s6-rc.d/svc-wireguard/dependencies.d/init-services From 8e09eecaf8d11ad8452ba09106589e4d217de60f Mon Sep 17 00:00:00 2001 From: TheSpad Date: Sun, 9 Oct 2022 23:02:06 +0100 Subject: [PATCH 5/8] Improve user feedback --- root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run | 1 - root/etc/s6-overlay/s6-rc.d/svc-coredns/run | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run index a5d392c4..5e770694 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run +++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run @@ -162,7 +162,6 @@ else echo "**** No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container. ****" sleep infinity fi - echo "**** Disabling CoreDNS ****" printf "false" > /run/s6/container_environment/USE_COREDNS fi diff --git a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run index 0097ece4..3abe7902 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run @@ -5,7 +5,7 @@ if netstat -apn | grep -q ":53 "; then fi if [[ ${USE_COREDNS} == "false" ]]; then - echo "Another service is using port 53, disabling CoreDNS" + echo "**** Disabling CoreDNS ****" sleep infinity else if grep -q "health" /config/coredns/Corefile; then From 7227a72d407df9da0cd2c7e9fcf1c21e6a4bd471 Mon Sep 17 00:00:00 2001 From: TheSpad Date: Sun, 9 Oct 2022 23:15:51 +0100 Subject: [PATCH 6/8] Add fake readiness check for when coredns is disabled --- root/etc/s6-overlay/s6-rc.d/svc-coredns/run | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run index 3abe7902..3b0d700a 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run @@ -5,8 +5,8 @@ if netstat -apn | grep -q ":53 "; then fi if [[ ${USE_COREDNS} == "false" ]]; then - echo "**** Disabling CoreDNS ****" - sleep infinity + s6-notifyoncheck -d -n 300 -w 1000 -c "echo '**** Disabling CoreDNS ****'" \ + sleep infinity else if grep -q "health" /config/coredns/Corefile; then exec \ From a8e36f5403416dd98e5c3f2941920627e6a07ee3 Mon Sep 17 00:00:00 2001 From: TheSpad Date: Sun, 9 Oct 2022 23:17:11 +0100 Subject: [PATCH 7/8] Remove unnecessary quotes --- root/etc/s6-overlay/s6-rc.d/svc-coredns/run | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run index 3b0d700a..c341c038 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run @@ -5,7 +5,7 @@ if netstat -apn | grep -q ":53 "; then fi if [[ ${USE_COREDNS} == "false" ]]; then - s6-notifyoncheck -d -n 300 -w 1000 -c "echo '**** Disabling CoreDNS ****'" \ + s6-notifyoncheck -d -n 300 -w 1000 -c "echo **** Disabling CoreDNS ****" \ sleep infinity else if grep -q "health" /config/coredns/Corefile; then From ec72b97b98c274ddaf2ec0a5bc62495d8e3fb754 Mon Sep 17 00:00:00 2001 From: TheSpad Date: Sun, 9 Oct 2022 23:26:58 +0100 Subject: [PATCH 8/8] Make wg depend on coredns again --- .../svc-wireguard/dependencies.d/{init-services => svc-coredns} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename root/etc/s6-overlay/s6-rc.d/svc-wireguard/dependencies.d/{init-services => svc-coredns} (100%) diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/dependencies.d/init-services b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/dependencies.d/svc-coredns similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/svc-wireguard/dependencies.d/init-services rename to root/etc/s6-overlay/s6-rc.d/svc-wireguard/dependencies.d/svc-coredns